Compliance framework
1.0 INTRODUCTION
THE INTEGRATED TECHNOLOGY COMPLIANCE PROCESS
1.1 Why compliance
1.2 Traditional compliance processes are stovepipe-oriented
Traditional capital investment, budgeting, procurement, and system life cycle management are stovepipe-oriented, based on individual application systems.
Traditional compliance processes in application development use a command-and-control approach. Compliance with consensus, via a political process, empowers the legitimacy of enforcing compliance. Compliance is a process to establish the rules and standards, similar to the legislative process. Compliance is the process to enforce the rules, guidelines and standards.

2.0 DEFINITION
EA compliance processes are the mechanism that guides the different developers in transforming the enterprise from its as-is environment to the target architecture. Traditionally, EA has been considered a centrally planned blueprint effort to design the entire enterprise architecture as if it were a gigantic application system design. Many EA experts have explained the EA concept using the analogy of a house blueprint. Compliance processes have never been a concern in that analogy because the house is constructed by the same developer.
2.1 Compliance is the enforcement process
2.3.1 Compliance is a political process
Scott W. Ambler, one of the authors of the Practical Guide to Enterprise Architecture [10], says that enterprise architecture is all about people, so it is futile to put together an EA compliance program based on a “command and control” approach without the participation of stakeholders [2]. Looking at historical solutions to the issue of architecture buy-in, traditional civil engineering has resolved the issue of buy-in from the stakeholders through the political process of consensus. In civil engineering, compliance is established through the political process of consensus with the participation of stakeholders, and compliance is achieved based on an accepted compliance. The LEA compliance process places the political process for making and enforcing IT-related business policies into the business realm of the enterprise [3].
3.0 THE BENEFIT
EA compliance benefits an organization by facilitating the adoption of EA, and by committing the organization to an ongoing, renewable enterprise architecture process. EA compliance drives the existing processes (such as ITIM, SDLC, and technical standards lifecycle management) for IT projects and systems.
Typical benefits of establishing an EA compliance process include:
· Aligning technology to mission and management;
· Aligning technology and information management with organizational goals and strategies;
· Providing critical information to the IT Investment Management in order to make more relevant decisions;
· Achieving economies of scale through the elimination of redundancies and sharing of data across the enterprise;
· Expediting the integration and migration of legacy systems to target systems;
· Reducing application integration cost and risk;
· Improving information and resource sharing and interoperability.
4.0 THE CHALLENGE
After the hard work of designing the enterprise blueprint, the architects have found that architecture buy-in from the stakeholders is not guaranteed.
5 Compliance structure
Investment management and system development/acquisition are closely linked with the IT architecture. The common focus in integrating the ITA, ITIM and SDLC is the effective and efficient management of IT investment. The INS governance structure aligns to the integration of ITA, ITIM and SDLC and has the following structure.
[Figure: The integrated governance structure]
5.4.1 The governance organization description
The following table describes the INS IT governance organizations in the governance organization structure charts.
Governance Organization: Description
Investment Management Board: The IAB is the authority for all investment decision points, serves as the review authority for projects, ratifies corrective actions, and oversees the implementation of and adherence to the ITIM process. The IAB may establish other ITIM committees or groups to aid in the execution of its ITIM responsibilities. The IAB may also establish review authority thresholds for the Portfolio Managers and other ITIM committees that have been formed. The IAB may, at its discretion, delegate specific investment decision point authority to specific Portfolio Managers or other ITIM committees. The IAB may modify the delegated responsibilities of a review authority at any point.
Portfolio Manager: Portfolio Managers serve as managers for portfolios and the primary review authority for their portfolio’s projects. They engage in the management and oversight of the projects within their portfolio, and represent these projects to the ESC and the IAB. Within the investment decision process, the Portfolio Manager may be granted approval authority (up to a threshold determined by the IAB) to permit a project to proceed through an investment decision point. The Portfolio Managers also hold periodic management reviews of all projects within their respective portfolios.
Executive Steering Committee (ESC)
Integrated Project Team (IPT): An Integrated Project Team (IPT) executes the project from cradle to grave. The business unit normally establishes the IPT once the IAB makes the first investment decision point determination; however, the business unit may establish an IPT earlier to assist in the development of the concept paper. The IPT is led by a business unit representative, and additional membership is included depending on the development phase of the project to ensure that the correct mix of skills to manage the project is resident in the IPT. For example, when the project is in the system development phases of the SDLC, a systems development manager should also be on the IPT. Other potential IPT members are: users, SITD staff, budget and procurement personnel, policy and planning personnel, technical staff, field operations, and legal staff.
Office of Strategic Information and Technology Development (SITD): The Office of Strategic Information and Technology Development (SITD) evaluates existing and emerging technologies to help business areas determine and implement related strategies and operational plans.
SITD Investment and Review Branch: The Investment Management and Review Branch is responsible for ITIM process administration. The branch develops and promulgates the ITIM process requirements and guides.
Office of Information and Resources Management (OIRM): The Office of Information and Resources Management (OIRM) supports the INS ITIM process by ensuring that IT projects comply with the INS Technology Architecture.
System Assurance Manager: The System Assurance (SA) Manager develops and implements the INS SDLC process and the System Development Life Cycle Manual (SDLC Manual).
SA Independent T&E: Enterprise System Assurance (SA) independent T&E conducts independent testing and evaluation to verify that the developed system functions properly, satisfies the requirements defined in the FRD, and performs adequately in the host environment, and to ensure that system errors are identified and addressed prior to deployment.
Technology Architecture Branch: The Technology Architecture Branch comprises Technology Architecture, Standards, Enterprise Modeling and requirement management activities.
Architecture Domain Team: To create a practical and realistic Technology Architecture, the Architecture Team formulated the concept of Architecture Domain Teams to involve Subject Matter Experts (SME) in the architectural planning. The Architecture Domain Teams focus their efforts on (1) capturing the current architecture environment, (2) defining the initial target architecture by creating a realistic and achievable plan based on existing resources, and (3) providing a technical vision as input to long-term technical architecture planning. While the Architecture Team develops and formulates the INS Technology Architecture, the Architecture Domain Teams serve as Technical Working Groups (TWG) that provide domain-specific expertise to the Architecture Team.
INS IT Project Manager: The INS project manager serves as the central point of responsibility for project decisions and activities.
Development Team Project Manager: The Development Team Project Manager is responsible for accomplishing all work within the scope of the award tasks or project, in accordance with the roles and responsibilities outlined in the SDLC Manual, and completing the project within the schedule and budget.
Computer System Security Officer: The Computer System Security Officer (CSSO) coordinates with the IT Project Manager, System Owner and the Development Team Project Manager to ensure that the system development project complies with established security requirements and that the system is certified and accredited before it becomes operational.
7.0 THE SCOPE OF COMPLIANCE PROCESSES
7.1 The Capital investment
7.2 The project management
7.3 The data compliance
7.4 The security compliance
7.5 The application compliance
7.6 The application compliances
7.7 The infrastructure compliance
SDLC
SDLC
SDLC Document
SDLC document summary
Waiver process
Waiver process
